[
https://issues.apache.org/jira/browse/SHIRO-277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Phil Steitz updated SHIRO-277:
------------------------------
Attachment: jdbcRealm.patch
Here is a first cut at a patch to add salt support. It seems to me there are
four possibilities for how to get the salt: 0) no salt 1) crypt-style 2) salt
in a separate database column and 4) salt supplied by an external function. I
tried to make room for all 4, but did not implement 1). If we like the setup,
the enum should either be separated or replaced by constants. I also dropped
(for now) the extension point, buildAuthenticationInfo, which we can add back
later once we agree on the API for salting. I used hsqldb for the unit tests
because that dependency already exists elsewhere. The javadoc still needs to
be improved throughout. I will do this once we agree on the API.
> JdbcRealm needs to be refactored
> --------------------------------
>
> Key: SHIRO-277
> URL: https://issues.apache.org/jira/browse/SHIRO-277
> Project: Shiro
> Issue Type: Improvement
> Components: Realms
> Affects Versions: 1.1.0
> Reporter: Ilya Pyatigorskiy
> Fix For: 1.2.0
>
> Attachments: jdbcRealm.patch
>
>
> There are at least 2 obvious problems:
> 1) the javadoc for JdbcRealm.setPermissionsQuery suggests that the query is
> expected to have 3 columns ("containing the fully qualified name of the
> permission class, the permission name, and the permission actions (in that
> order)"), but the code actually looks only for 1 - permission actions on
> index 0
> 2) it doesn't support salt - checks only for password matching
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
